Notes from the OASIS/World Bank workshop on “Open Standards for Government Transformation: Enabling Transparency, Security and Interoperability” in Washington.

.

Concluding Session: Concluding remarks from the Steering Committee

Chair: Wm.(Bill) Barnhill, Booz Allen Hamilton & Secretary, Steering Committee OASIS eGov Member Section

Randeep Sudan , Practice Leader for e-Government, Global ICT Department, World Bank

Very interesting sessions – trying to highlight the key takeaways:

• Open standards are important, interoperability is really important – but open standards should be viewed as part of a framwork, not isolated, long term stability is vital
• Importance of security- risk management framework is a vital approach, a structured way to look at security issues; there’s a whole range of stakeholders involved, all of them should be mentioned in the framework
• Cloud computing – new approaches, developing countries should start experimenting & using the cloud
• Suggestion – connect experts in the field to share experience

Notes from the OASIS/World Bank workshop on “Open Standards for Government Transformation: Enabling Transparency, Security and Interoperability” in Washington.

.

Panel Two: Public Financial Management and e-Procurement

Chair: Laurent Liscia, Executive Director, OASIS

.

Standards for Public Financial Management, including e-Procurement

David Temoshok, Director, Identity Policy & Management, GSA, Washington

What does interoperability really mean in this environment?

Focus on approach for e-Procurement in this talk

US eGov initiatives – since 2001

• aims: reduce federal spending, less paperwork, better response time
• 24 projects as starting point
• Integrated Acquisition Environment (IAE) to promote competition, transparency and efficiency in the federal acquisition life cycle

projects: G2G, G2B, G2C, internal effectiveness & efficiency

Provided business services are based on a common infrastructure model

Federal Identity and Access Management

U.S. Government Four Authentication Assurance Levels

• NO confidence
• SOME confidence
• HIGH confidence
• VERY HIGH confidence

If assurance increases, costs increase as well – for the transactions as well as the credentials

Applying a standard framework with all projects

Interoperability:

• it’s not possible to get a single product
• GSA definition of interoperability: “…Two or more devices, components, or systems to exchange information in accordance with defined interface specifications and to use the information that has been exchanged in a meaningful way”

Starting gate:

• common protocols
• standard data models
• reference implementations
• standard testing for interoperability
• …

IAE – goals:

• simple integrated business processes
• increase data sharing
• unified approach to obtain modern tool

IAE – business areas & transactions:

• create standards for registration/sharing points & for transactions – “common language”

Lessons learned:

• Establish federal governance framework
• Engage stakeholders
• Communication is vital
• Redesigning is a big challenge

.

Cyber Security Issues Impacting Public Sector Financial Management

John T. Sabo, CISSP Director, Global Government Relations, CA, Inc.

Interoperable framework with a need for security

What if enterprises rely on infrastructure we do not control?

There is a growing internet dependence – it is sometimes impossible to step back

Control System vulnerabilities are dangerous too – even though they do not necessarily affect the financial sector

We do not have risk management models – too low priority

There is a cybersecurity foundation in place working with the officials

• There are basic technology standards
• Also for identity and access management
• So a lot of basics are in place
• But we don’t have an overarching risk management framework in place

Cybersecurity is a functional requirement

Complexities of the IT Sector make it very challenging to apply risk management

A lot of stakeholders which contribute to the (in)security of the network

There is an “IT Sector Specific Plan” in place

Current issues:

• What is the governments role in protecting critical infrastructure? / What’s the role of the private sector?
• Thresholds for cyber-incidents
• New Federal Leadership, Organizational Alignment
• Legislation and Oversight on standards

4 Strategic Focus Areas

• dentity and Trust Infrastructure Components
• Identity and Trust Policies and Enforcement
• Barriers and Emerging Issues
• Education and Outreach

A number of technical committees working on interoperability standards

Key Management Interoperability Protocol (KMIP)

• key lifecycle management
• how to manage keys

We have emerging cybersecurity risks, we have some basics in place and we have to build on these foundations, public and private sector together

.

Standards-Based e-Government Procurement Systems: Opportunities and Priorities

Eduardo Talero, Senior Consultant, World Bank

Electronic Government Procurement (eGP)

• provides transparency, efficiency, synergy to government procurement
• supply chain integration

Why standards?

• Enhance connectivity and interoperability
• Generate trust
• More competition
• More transparency
• Increased ROI
• Enhance efficiency and flexibility of public procurement

Privacy fears – some incidents happened, it IS dangerous

Standards and eGP

• various standards
• HTTP, HTTPS, UDDI, ebXML

Use of Open Standards/Open Source by 14 leading eGP governments:

• only few usage of Linux/Apache/MySQL, …

Standards/FOSS and agile system development

Short design time for eGovernance systems

• resulting system: black box
• limited configurability
• vendor lock in
• monopoly on pricing
• limited interoperability
• This has to change!

Using open standards and agile development can provide major improvements in eGovernment systems

Ideal systems: industrial-strength eGovernance systems that are also easy to change, interoperable, social, knowledge-oriented, community-driven…

What can MDBs do?

• develop lending instruments and procurement procedures for agile system development
• level procurement playing field
• reference good practice standards
• recommend standards

Closing thoughts

• “Standards enhance economy, efficiency, competition, transparency and evolution of eGP
• Free and Open source SW (FOSS) facilitates and accelerates use of open standards
• Open standards/FOSS facilitate fast, iterative development of eGovernance applications which now take too long and are very risk-prone.
• Governments cannot afford to build the organic, social applications of the future only with proprietary standards/technology.
• MDBs can be far more proactive in referencing, recommending and sometimes even requiring Standards.
• MDB’s need to create level playing field for procurement of FOSS and for contracting of agile application development. “

If you want to do eGovernment well, the only way to do it is via open standards

.

Q & A:

Q: Will there be a forum for issues considering open standards development?

Eduardo Talero: There is awareness that there is a discussion needed, you are welcome to join.

Q: How do governments contribute to open source solutions? At some point governments have to address the copyright issues.

Q: Are there off-the-shelf e procurement products, not to start from scratch? Could you name which country/ies has/have implemented them with demonstrable good results?

A: Two systems on Sourceforge. But there is nothing which could for example replace SAP.

Q: How come that Open source is not popular yet in eGovernment initiatives?

Eduardo Talero: I don’t know any major system – and it does not really make sense, the role is to foster development, not to provide a whole system.

Q: Which developing country already implemented eGovernment initiatives

A: None has implemented the whole framework, but some have implemented certain parts – e.g. Vietnam, Sri Lanka.

Notes from the OASIS/World Bank workshop on “Open Standards for Government Transformation: Enabling Transparency, Security and Interoperability” in Washington.

.

Panel One: Identity, Authentication and Security

Chair: Deepak Bhatia, Practice Leader for e-Government Applications, Global ICT Department, World Bank

Once againback the importance of standards

Vendors and technology can stay and go but open standards should stay forever

It’s really difficult to provide a citizen-centered view

.

Identity, Authentication Standards: Status Report

Speaker:  Colin Wallis, Identity Standards Manager, New Zealand Government, OASIS eGov Steering Committee, OASIS eGov Steering Committee

Clues, what New Zealand has got and how the development took place+

Life would be easy with just one standardization organization, but there are several such bodies – net sector SDO, sector standards, jurisdiction, protocols – “standards soup”

Some of the organizations:

• W3C – founder: Tim Berners Lee, important for standards
• IETF – Internet Engineering Task Force
• ISO – International Organization for Standardization

We want to get to Web 3.0, Identity 2.0 and Government 2.0 – but first we have to reach Identity 1.0, Interoperability 1.0, Convergence 0.0

eGov profile of SAML – differently applied in different countries

It’s vital to ensure that the applications in different countries “talk to each other”

Developing nations:

• “have the power”
• Customer
• Vote – 1 country, 1 vote – use it responsibly
• Knowledge – it’s already there and can be used
• Neutral
• It’s important to begin

.

Credential Management Evolution

Speaker: Bob Sunday, Senior Architect, CTO, PWGSC, Canada & OASIS eGov Steering Committee

Canada: 33m population, low density – how to get services to all these people

2000 – strong push to anabling government services online, big success story

• Building a new Canda-wise network
• Secure infrastructure

In 2000 PKI (public key infrastructure) was the standard, so Canada build one – now it’s used in 83 different programs

• epass certificates
• nowadays: over 5m certificates issued
• ~0,5m unique logins per week
• amazing sucess

Now it has to be replaced – opportunity to chose the standards which will stay for the next 10-20 years

Getting ready for the “SAML-wireless world”

Many requierements

• multiple credential providers
• multiple levels of assurance
• technology neutral

It’s important now to chose a standard-based architecture, they have to be fully integrated

A lot of decisions have to be taken:

• Underlying architecture: long term stability -> SAML , it’s an entire architecture
• Proven implementation profile: ensure availability of proven interoperable COTS products

Strategy to move to a new system:

• From an existing epass solution, they users and the applications have to be moved to a new system with a new credential system
• the new system has to talk to the old system
• finally the converted applications have to be replaced by new applications, which work with the converted users

“We are just at the beginning of the path”

True messages:

• It’s vital to have a framework putting the open standards together
• It’s important for them to be interoperable
• Testing interoperability is really good
• Stability for the long term is substantial

.

Information Security Standards: Promoting Trust, Transparency and Due Diligence

Speaker: Ron Ross, Senior Computer Scientist and Information Security Researcher, National Institute of Standards and Technology

Security is at the core of making the technology work

Security is not an impediment, but an enabler

Security is a combination of management, techical & operational aspects

We need to establish a standard on due diligence

Business relationship: how do I know that I can trust my partner?

• Common language to describe security
• Open standards for security

There is big business in destroying customers, breaking into systems, stealing intellectual property, …

It’s important to make a global effort for enhanced security

Today we are so dependent on technology, security should be our first concern

Important parts of an enterprise security concept – framework for managing risk:

• Security plan
• Security assesment report – did we do a good job managing riks?
• Plan of action and milestones – how to manage vulnarabilities

.

Q & A:

Q: When you have providers in the country, is there also a drive for identity management across the borders?

Bob Sunday: Of course – but you have to define the work “identity”, Canada has gone away from credintialing, anonymous credentialing has big strengths.

A: Standardization around identity management is possible.

Q: Is Ghana a leader in eGovernment and are you willing to share with other African countries?

Sam Somuah: We are quite far ahead, definitely we are willing to share our experiences.

Q:Why is seperation of credential providers necessary?

Bob Sunday: Seperation of credential providers because it’s a commercial market for credential providers – it’s a way to make it more competitive. We don’t want to force the citizins to have a certain credential.

Q: How is membership in OASIS organized?

A: Your membership will be a government membership, so everybody can join there. OASIS is made up of its members, they decide.

Q: Explain more this quote: “We want Web 3.0, Identity 2.0 and Gov 2.0, but 1st: Identity 1.0, Interoperability 1.0, Convergence 0.0″

A: There’s a lot of people looking ahead to what’s in the future – but the developments right now should be to “get the engines going”, the basics have to be in place to start further advances.

Q: Is Cloud Computing already relevant in this enterprise architecture discussion?

A: Just short: it’s much more complex than people think.

Notes from the OASIS/World Bank workshop on “Open Standards for Government Transformation: Enabling Transparency, Security and Interoperability” in Washington.

Keynote speech:

e-Government in Ghana and the Adoption of Open Standards – Experiences, Challenges and Perspectives

Speaker: Dr. Sam Somuah, Director General, Ghana Information and Communications Directorate (GICTeD)

presenting efforts & eGovernment initiatives in Ghana

opportunity to create improvement in government – more convenient interactions with citizens;

it’s important to assure interoperability between government agencies

Ghana: 23m inhabitants, 75% literacy rate, per capita income: 661$, language: English

Ghana ICT4AD – transform Ghana to an information rich society by using ICTs;

Transforming eGovernment, stages: web presence -> construct -> interact -> transact -> transform

Currently in the second year of an 11 year plan, good collaboration with the World Bank

e-Ghana project: improve delivery of eGovernment services & leverage ICTs for economic growth & poverty reduction

e-Government Interoperability Framework (eGIF) – “A set of Policies, Technical Standards, as well as Guidelines covering ways to achieve interoperability among MDAs and other Government organizations”

How are open standards used?

• All activities are highly formalized
• There exists legislation to ensure compliance with standards

Why does Ghana want to go the direction to apply an international interoperbility framework?

• increased efficience
• more investments

All agencies, new projects, … have to comply to the standards

All the standards & guidelines conform to open standard principles

Guidelines:

• Internet & WWW standards
• XML as standard
• Browser as key interface
• Adopt open standards supported by the market

Scope of e-GIF: all sectors, from G2G (government to government) to G2C (government to citizen)

Several working groups under the guidance of Ghana ICT Directorate (GICTeD)

It is important to assure to have good guidance

Issues that are adressed concerning technical standards:

• e-services Access – standards for different hardware
• Interconnectivity – standards for connecting systems
• Security – standards for encryption
• Business Areas – standards for business specific content
• Discovery – standards for locating resources
• Data Exchange & Integration – standards for metadata

At the country level there are a lot of beneftis of open standards – improving quality of contact to citizens, but also business impact

It is planned to implement a government portal

Conclusions:

• “ICT provides Ghana with opportunity to meet development Goals
• The e-Government initiative on Interoperability will support improved service delivery to citizens; reducing the cost to government of delivering services and sharing information; and delivering greater economic efficiencies for the wider economy
• Collaboration with bodies such as OASIS, W3C etc will facilitate GoG efforts”

Notes from the OASIS/World Bank workshop on “Open Standards for Government Transformation: Enabling Transparency, Security and Interoperability” in Washington.

Introduction of the viewers worldwide: Ghana, Kenya, Moldova, Russia, Rwanda, Sri Lanka, Tanzania

Outcomes at local workshops discussing the topics in advance:

• Russia: developments in the last 10 years in the IT sector, quite impressive number of projects; but Russia is lacking behind in open standards & interoperability because there is a lack of guidelines
• Sri Lanka: discussion open standards especially at the architecture level; how to get more people to apply standards
• Tanzania: different starting points – issues of vendor/buyer relations, awareness, procurement, legal environment; how to make the local IT industry support the standards; documentation is often inadequate; workgroups for the evolution of standards – contribution of international organizations; raise awareness for the need for open standards; create instruments to empower people; cross border interoperability – ideas: compliance to international standards bodies, interaction between regional bodies, formalizing as quickly as possible

Opening Keynote Session: Open Standards for Government Transformation

Workshop moderator: Randeep Sudan, Practice Leader for e-Government, Global ICT Department, World Bank

Introduction of speakers;

It’s vital to involve developing countries in the process workshop today is part of government transformation initiative – provide a network for developing countries to assist in eGovernment increasingly open standards are getting mentioned a lot.

Welcome and Introduction:

• Laurent Liscia, Executive Director, OASIS

Very fond of worldwide audience – right question were asked

OASIS – organization which promotes open standards;

open source is not open standards; open source has different versions which don’t interoperate; open standards make sure that everything interoperates;

examples for created standards: ODF (open document format – Star Office, Open Office), ebXML, …

everybody should become a member to profit from these standards and the increased interoperability

• Han Fraeters, Manager, GDLN/ Knowledge Exchange, World Bank

World Bank Institute – trying to reach more scale by doing things in partnerships, also with business;

trying to change the approach to learning – it’s not only about technical things, but also about social processes;

it’s important to identify the potential and capacities, constraints, the momentum for change; understanding the local conditions is vital to build a reform process

IT is an enabler for change in governments

learning is important – but not the kind which happend in the classroom, but through exchange of experience

• Randeep Sudan, Practice Leader for e-Government, Global ICT Department, World Bank

if we think of interoperability, organizational issues are as important as technical ones

there is an increasing awareness on open standards – UK has come up with an action plan on open standards, Indian government is also planning on transforming to open standards

.

Added later (15:32 CET):

• Philippe Dongier, Manager, Global ICT Department, World Bank

What could be a way to support many countries?

One way to answer: round table with the president of the world bank & business leaders – how to benefit from collaborations with the industry

A network which should be formed here – peer to peer networks of practitioners for various sectors such as eProcurement, identification, … – also with the private sector & organizations such as OASIS

World Bank wants to support these networks with whatever they need to do it right

Initiative: funding to support transforming strategies of governments of developing countries; working with a wide range of countres

On Friday 17 April there will be a workshop organized by the eDevelopment group of the World Bank, OASIS (organization promoting and developing open standards) and the World Bank Institute about Open Standards for Government Transformation: Enabling Transparency, Security and Interoperability. It will be held in Washington DC from 8:15 to 15:30 local time and speakers include worldwide professionals in the field of open standards, as well as officials from the World Bank, OASIS and the private sector.

Open standards are substantial to guarantee transparency, security and interoperability, especially in times of rapid technological development and increasing reliance on software tools for government interaction with their citizens.

Furthermore, as Paul Collier also stated in his book “The Bottom Billion“, in particular in so-called “less developed countries” open and internationally agreed standards can give governments a good guideline for reforms, increasing trust of citizens and investors.

Oleg Petrov, the eDevelopment group coordinator also wrote a blog post about the event, stating that the workshop

offers a unique opportunity to exchange experiences amongst professionals from the World Bank, leading public administrations, country clients and the private sector regarding the significance of open standards for public sector reform and efficiency. Issues surrounding public financial management, e-procurement, cloud computing, electronic identitification, security, and interoperability frameworks will be discussed. [from Open Standards for Government Transformation: Enabling transparency, security and interoperability]

ICT4D.at will attend whis event via webcast and twitter and blog live.

If you are interested in joining – please register online:

+ To attend in person in Washington DC register here:
https://www.oasis-open.org/apps/2009_eGov_Washington_Workshop/register_contact.php
+ To attend online via live webcast register here:
http://go.worldbank.org/BGZ8XU3KF0